syzbot


KASAN: slab-use-after-free Write in __fscache_relinquish_cookie

Status: upstream: reported C repro on 2024/02/02 09:46
Subsystems: netfs
Reported-by: syzbot+a4c1a7875b2babd9e359@syzkaller.appspotmail.com
First crash: 89d, last: 30d
Cause bisection: failed (error log, bisect log)
  
Discussions (2)
Title Replies (including bot) Last reply
[PATCH next] fs/9p: fix uaf in in __fscache_relinquish_cookie 1 (1) 2024/02/02 14:03
[syzbot] [netfs?] KASAN: slab-use-after-free Write in __fscache_relinquish_cookie 1 (3) 2024/02/02 13:10
Last patch testing requests (4)
Created Duration User Patch Repo Result
2024/03/04 04:29 22m retest repro linux-next error OK
2024/03/04 04:29 57m retest repro linux-next error OK
2024/03/04 04:29 31m retest repro linux-next error OK
2024/02/02 12:28 23m eadavis@qq.com patch https://git.kernel.org/pub/scm/linux/kernel/git/next/linux-next.git master OK log

Sample crash report:
==================================================================
BUG: KASAN: wild-memory-access in instrument_atomic_read_write include/linux/instrumented.h:96 [inline]
BUG: KASAN: wild-memory-access in test_and_set_bit include/asm-generic/bitops/instrumented-atomic.h:71 [inline]
BUG: KASAN: wild-memory-access in __fscache_relinquish_cookie+0x2c/0x580 fs/netfs/fscache_cookie.c:977
Write of size 8 at addr adacafaea9a8ac9a by task syz-executor422/7753

CPU: 0 PID: 7753 Comm: syz-executor422 Not tainted 6.8.0-rc4-next-20240214-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024
Call Trace:
 <TASK>
 __dump_stack lib/dump_stack.c:88 [inline]
 dump_stack_lvl+0x241/0x360 lib/dump_stack.c:114
 print_report+0xe8/0x550 mm/kasan/report.c:491
 kasan_report+0x143/0x180 mm/kasan/report.c:601
 kasan_check_range+0x282/0x290 mm/kasan/generic.c:189
 instrument_atomic_read_write include/linux/instrumented.h:96 [inline]
 test_and_set_bit include/asm-generic/bitops/instrumented-atomic.h:71 [inline]
 __fscache_relinquish_cookie+0x2c/0x580 fs/netfs/fscache_cookie.c:977
 fscache_relinquish_cookie include/linux/fscache.h:308 [inline]
 v9fs_evict_inode+0x100/0x180 fs/9p/vfs_inode.c:356
 evict+0x2a8/0x630 fs/inode.c:666
 v9fs_fid_iget_dotl+0x1bf/0x210 fs/9p/vfs_inode_dotl.c:96
 v9fs_get_inode_from_fid fs/9p/v9fs.h:230 [inline]
 v9fs_mount+0x7f9/0xa90 fs/9p/vfs_super.c:142
 legacy_get_tree+0xee/0x190 fs/fs_context.c:662
 vfs_get_tree+0x90/0x2a0 fs/super.c:1784
 do_new_mount+0x2be/0xb40 fs/namespace.c:3352
 do_mount fs/namespace.c:3692 [inline]
 __do_sys_mount fs/namespace.c:3898 [inline]
 __se_sys_mount+0x2d9/0x3c0 fs/namespace.c:3875
 do_syscall_64+0xfb/0x240
 entry_SYSCALL_64_after_hwframe+0x6d/0x75
RIP: 0033:0x7f542cfe7ea9
Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 c1 17 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007ffffaac1428 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
RAX: ffffffffffffffda RBX: 00007f542d03103b RCX: 00007f542cfe7ea9
RDX: 00000000200001c0 RSI: 0000000020000040 RDI: 0000000000000000
RBP: 00000000000f4240 R08: 0000000020000300 R09: 00000000000000a0
R10: 0000000000000000 R11: 0000000000000246 R12: 000000000001803f
R13: 00007ffffaac143c R14: 00007ffffaac1450 R15: 00007ffffaac1440
 </TASK>
==================================================================

Crashes (122):
Time Kernel Commit Syzkaller Config Log Report Syz repro C repro VM info Assets (help?) Manager Title
2024/02/19 03:57 linux-next 2c3b09aac00d 578f7538 .config strace log report syz C [disk image] [vmlinux] [kernel image] ci-upstream-linux-next-kasan-gce-root KASAN: wild-memory-access Write in __fscache_relinquish_cookie
2024/01/30 12:49 linux-next 596764183be8 991a98f4 .config console log report syz C [disk image] [vmlinux] [kernel image] ci-upstream-linux-next-kasan-gce-root KASAN: wild-memory-access Write in __fscache_relinquish_cookie
2024/01/29 19:58 linux-next 596764183be8 991a98f4 .config console log report syz C [disk image] [vmlinux] [kernel image] ci-upstream-linux-next-kasan-gce-root KASAN: wild-memory-access Write in __fscache_relinquish_cookie
2024/03/28 04:51 upstream 962490525cff 120789fd .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu-upstream KASAN: slab-use-after-free Write in __fscache_relinquish_cookie
2024/03/28 00:50 upstream 962490525cff 120789fd .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu-upstream KASAN: slab-use-after-free Write in __fscache_relinquish_cookie
2024/03/27 18:04 upstream 962490525cff 454571b6 .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu-upstream KASAN: slab-use-after-free Write in __fscache_relinquish_cookie
2024/03/27 15:53 upstream 7033999ecd7b 454571b6 .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu-upstream KASAN: slab-use-after-free Write in __fscache_relinquish_cookie
2024/03/27 12:39 upstream 7033999ecd7b 454571b6 .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu-upstream KASAN: slab-use-after-free Write in __fscache_relinquish_cookie
2024/03/27 06:39 upstream 7033999ecd7b 454571b6 .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu-upstream KASAN: slab-use-after-free Write in __fscache_relinquish_cookie
2024/03/27 00:41 upstream 7033999ecd7b 454571b6 .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu-upstream KASAN: slab-use-after-free Write in __fscache_relinquish_cookie
2024/03/26 21:38 upstream 928a87efa423 454571b6 .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu-upstream KASAN: slab-use-after-free Write in __fscache_relinquish_cookie
2024/03/26 14:49 upstream 928a87efa423 bcd9b39f .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu-upstream KASAN: slab-use-after-free Write in __fscache_relinquish_cookie
2024/03/26 10:49 upstream 928a87efa423 bcd9b39f .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu-upstream KASAN: slab-use-after-free Write in __fscache_relinquish_cookie
2024/03/26 06:53 upstream 928a87efa423 bcd9b39f .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu-upstream KASAN: slab-use-after-free Write in __fscache_relinquish_cookie
2024/03/25 23:24 upstream 928a87efa423 bcd9b39f .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu-upstream KASAN: slab-use-after-free Write in __fscache_relinquish_cookie
2024/03/25 15:58 upstream 4cece7649650 0ea90952 .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu-upstream KASAN: slab-use-after-free Write in __fscache_relinquish_cookie
2024/03/24 10:00 upstream 70293240c5ce 0ea90952 .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu-upstream KASAN: slab-use-after-free Write in __fscache_relinquish_cookie
2024/03/23 20:50 upstream 484193fecd2b 0ea90952 .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu-upstream KASAN: slab-use-after-free Write in __fscache_relinquish_cookie
2024/03/23 07:54 upstream bfa8f18691ed 0ea90952 .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu-upstream KASAN: slab-use-after-free Write in __fscache_relinquish_cookie
2024/03/21 14:19 upstream 23956900041d 6753db5c .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu-upstream KASAN: slab-use-after-free Write in __fscache_relinquish_cookie
2024/03/20 12:35 upstream a4145ce1e7bc 5b7d42ae .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu-upstream KASAN: slab-use-after-free Write in __fscache_relinquish_cookie
2024/03/19 10:50 upstream b3603fcb79b1 baa80228 .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu-upstream KASAN: slab-use-after-free Write in __fscache_relinquish_cookie
2024/03/28 07:01 upstream 962490525cff 120789fd .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu-upstream-386 KASAN: slab-use-after-free Write in __fscache_relinquish_cookie
2024/03/28 04:22 upstream 962490525cff 120789fd .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu-upstream-386 KASAN: slab-use-after-free Write in __fscache_relinquish_cookie
2024/03/27 14:40 upstream 7033999ecd7b 454571b6 .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu-upstream-386 KASAN: slab-use-after-free Write in __fscache_relinquish_cookie
2024/03/27 04:03 upstream 7033999ecd7b 454571b6 .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu-upstream-386 KASAN: slab-use-after-free Write in __fscache_relinquish_cookie
2024/03/26 22:28 upstream 7033999ecd7b 454571b6 .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu-upstream-386 KASAN: slab-use-after-free Write in __fscache_relinquish_cookie
2024/03/26 20:16 upstream 928a87efa423 454571b6 .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu-upstream-386 KASAN: slab-use-after-free Write in __fscache_relinquish_cookie
2024/03/26 17:06 upstream 928a87efa423 454571b6 .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu-upstream-386 KASAN: slab-use-after-free Write in __fscache_relinquish_cookie
2024/03/26 09:31 upstream 928a87efa423 bcd9b39f .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu-upstream-386 KASAN: slab-use-after-free Write in __fscache_relinquish_cookie
2024/03/26 08:06 upstream 928a87efa423 bcd9b39f .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu-upstream-386 KASAN: slab-use-after-free Write in __fscache_relinquish_cookie
2024/03/26 00:37 upstream 928a87efa423 bcd9b39f .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu-upstream-386 KASAN: slab-use-after-free Write in __fscache_relinquish_cookie
2024/03/18 23:59 upstream b3603fcb79b1 baa80228 .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu-upstream-386 KASAN: slab-use-after-free Write in __fscache_relinquish_cookie
2024/03/17 20:37 upstream 906a93befec8 d615901c .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu-upstream-386 KASAN: slab-use-after-free Write in __fscache_relinquish_cookie
2024/02/18 21:29 linux-next 2c3b09aac00d 578f7538 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-linux-next-kasan-gce-root KASAN: slab-use-after-free Write in __fscache_relinquish_cookie
2024/02/18 19:47 linux-next 2c3b09aac00d 578f7538 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-linux-next-kasan-gce-root KASAN: slab-use-after-free Write in __fscache_relinquish_cookie
2024/02/18 12:47 linux-next 2c3b09aac00d 578f7538 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-linux-next-kasan-gce-root KASAN: slab-use-after-free Write in __fscache_relinquish_cookie
2024/02/17 06:20 linux-next 2c3b09aac00d 578f7538 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-linux-next-kasan-gce-root KASAN: slab-use-after-free Write in __fscache_relinquish_cookie
2024/02/16 10:32 linux-next 2c3b09aac00d 578f7538 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-linux-next-kasan-gce-root KASAN: slab-use-after-free Write in __fscache_relinquish_cookie
2024/03/25 06:25 upstream 4cece7649650 0ea90952 .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu-upstream KASAN: wild-memory-access Write in __fscache_relinquish_cookie
2024/03/22 05:38 upstream 8e938e398669 7a239ce7 .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu-upstream KASAN: wild-memory-access Write in __fscache_relinquish_cookie
2024/03/19 11:50 upstream b3603fcb79b1 e104824c .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu-upstream KASAN: wild-memory-access Write in __fscache_relinquish_cookie
2024/03/18 06:43 upstream 906a93befec8 d615901c .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu-upstream KASAN: wild-memory-access Write in __fscache_relinquish_cookie
2024/03/17 06:28 upstream 741e9d668aa5 d615901c .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu-upstream KASAN: wild-memory-access Write in __fscache_relinquish_cookie
2024/03/16 23:02 upstream 66a27abac311 d615901c .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu-upstream KASAN: wild-memory-access Write in __fscache_relinquish_cookie
2024/03/27 17:03 upstream 7033999ecd7b 454571b6 .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu-upstream-386 KASAN: wild-memory-access Write in __fscache_relinquish_cookie
2024/03/26 18:17 upstream 928a87efa423 454571b6 .config console log report info [disk image (non-bootable)] [vmlinux] [kernel image] ci-qemu-upstream-386 KASAN: wild-memory-access Write in __fscache_relinquish_cookie
2024/02/17 01:19 linux-next 2c3b09aac00d 578f7538 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-linux-next-kasan-gce-root KASAN: wild-memory-access Write in __fscache_relinquish_cookie
2024/02/16 12:23 linux-next 2c3b09aac00d 578f7538 .config console log report info [disk image] [vmlinux] [kernel image] ci-upstream-linux-next-kasan-gce-root KASAN: wild-memory-access Write in __fscache_relinquish_cookie
* Struck through repros no longer work on HEAD.